NT-realm status in WL 5.1 SP4?
1. Can it run on a non-PDC?
2. Can it work with trusted domains?
I'm sure others out there are curious as well...
Thanks,
Christian
Did you get any more information on this. If you did roll your own, do you
know where to ge t info on how to do this, We too need NT user
authentication. We dont have the skill set to build NT authentication
(presumabley in C++), any onformation on this would be very helpfull. I have
done some testing and have confirmed that in SP5 it is still broken,
Although i can see all the users on by PDC, I can not get the authentication
to work
Christian R. Simms <[email protected]> wrote in message
news:[email protected]..
Actually, I don't have a case number. It's for a new project (you canemail me
for details if you want) using WebLogic, and I'm trying to decide whetherto
use NTRealm or roll our own security, and I need the 2 features (non-PDC &
trusted domains) for authentication. It's not clear from the docs on
NTRealm's functionality.if these are supported, and our experiments didn't
work but we could have just screwed up.
Thanks for any info,
Christian
Michael Girdley wrote:
I know that our development team was working on this. Do you still have
a
case number from technical support?
Thanks,
Michael
Michael Girdley
BEA Systems Inc
"Christian R. Simms" <[email protected]> wrote in message
news:[email protected]..
1. Can it run on a non-PDC?
2. Can it work with trusted domains?
I'm sure others out there are curious as well...
Thanks,
Christian
Similar Messages
-
Scheduled reports (DeskI) remain in status "Pending" in SP4(FP 4.3)
Hi,
I am facing a weird problem with a BO XI R2 cluster installation (2 Windows Servers, one CMS, 2 DeskI Job servers on one node) after installing SP4 + FP 4.3. The users are allowed to schedule DeskI reports they created themselves. The scheduling works out fine at the beginning but at some point overnight the DeskI servers (although empty) completely ignore the fact that there are available jobs for scheduling. This means that the DeskI reports remain in status "Pending". Changing the "maximum number of jobs" setting at the CMC in the DeskI job servers properties tab seems to work like a wake-up call and the scheduling starts again. After a while though (can take up to a day to get there) the job servers start again to ignore the pending jobs.
Is this a known issue in SP 4? Anyone had similar experiences two?
Any help/ideas & hints will be highly appreciated.
Cheers
StratosHi Will,
Quote: "In any case, in normal circumstances, you should not having pending jobs if your number of running numbers is below your max number of jobs setting". Exactly this is what we are expecting but the job server seems to sleep not caring about the actual number of pending jobs und wakes up only if we use a high setting (40) for the maximum number of jobs.
Have found some references about similar problems for both the Web Intelligence and the Crystal Report Job Servers but not a real solution so far. It may be a problem with the CMS but I am not really sure. Restarting the CMS does not help neither.
Cheers
Stratos -
Business Objects XI 3.1 SP4 Infoview and IE9 HTTP Status 400 - Invalid path
Hi There,
When I working in Infoview with IE9 32Bit or 64Bit and I right click on any object i.e Crystal Report, Folder, Webi Report etc. and select properties I get the following Error
HTTP Status 400 - Invalid path /PlatformServices/properties was requested
Has any one got a workaround or a solution for this problem.
Server - BOE XI 3.1 with SP4 running on a Windows Server 2008 R2 64 bit.
Client PC`s\Laptops - Windows 7 64 bit
Kind Regards,
FrikkieDear all,
Seems the issue is browser compatibility ans the below solution may work in your case
HTTP 400 occurs because of URL difference between IE9 and older versions of supported IE. To resolve this issue, this error in Tomcat will be redirected to a HTML script that applies new URL format. Please follow this 3 steps process:
STEP ONE: Solution in InfoViewAppActions Folder:
1) Go to “D:\Business Objects\Tomcat55\webapps\InfoViewAppActions” folder. This folder already has httperror_404.htm and httperror_500.jsp by default. Rename httperror_404.htm to httperror_404_backup.htm.
2) Copy and paste the attached file from InfoViewAppActions folder (httperror_400.htm and httperror_404.htm) into “D:\Business Objects\Tomcat55\webapps\InfoViewAppActions” folder. Go to “D:\Business Objects\Tomcat55\webapps\InfoViewAppActions\WEB-INF”
3) Take a backup of web.xml file and name it as web_backup.xml
4) Open the file and paste the following script after the Error 404 error handling and save.
Before:
<error-page>
<error-code>404</error-code>
<location>/httperror_404.htm</location>
</error-page>
After:
<error-page>
<error-code>404</error-code>
<location>/httperror_404.htm</location>
</error-page>
<error-page>
<error-code>400</error-code>
<location>/httperror_400.htm</location>
</error-page>
STEP TWO: Solution in AnalyticalReporting Folder:
1) Go to “D:\Business Objects\Tomcat55\webapps\ AnalyticalReporting” folder. This folder already has httperror_404.htm and httperror_500.jsp by default. Rename httperror_404.htm to httperror_404_backup.htm.
2) Copy and paste the attached file from AnalyticalReporting folder (httperror_400.htm and httperror_404.htm) into “D:\Business Objects\Tomcat55\webapps\ AnalyticalReporting” folder. Go to “D:\Business Objects\Tomcat55\webapps\ AnalyticalReporting \WEB-INF”
3) Take a backup of web.xml file and name it as web_backup.xml
4) Open the file and paste the following script after the Error 404 error handling and save.
Before:
<error-page>
<error-code>404</error-code>
<location>/httperror_404.htm</location>
</error-page>
After:
<error-page>
<error-code>404</error-code>
<location>/httperror_404.htm</location>
</error-page>
<error-page>
<error-code>400</error-code>
<location>/httperror_400.htm</location>
</error-page> -
Weblogic700 sp4 custom realm for SAM authentication
we have an applicaiton running on WL7.0 sp4 which will be protected by sun access manager 7.1, but in the domain config we need to create a realm that authentication provider will be SAMAuthentication , I want to know whether we need to create a custom realm or we can create iplanet realm.
Well, once again, I'm going to have to provide my own answer.
After much waiting and then deciding to invest much time researching documentation and tracking down information to assist in my solution, I have manage to find the golden egg for my own recipe of a solution.
In addition to the very helpful info I have found at:
http://developers.sun.com/prodtech/appserver/reference/techart/as8_authentication/index.html
I have mange to get my custom realm to work with the additional configuration of my sun-application.xml for my ear file. Even though I only wanted to specify my custom realm for my web.xml file, it turns out that in addition to this, I had to also define it in my sun-application.xml file (manually in XML text mode - within Netbeans 5.5) as follows:
<sun-application>
<realm>mycustrealm</realm>
<security-role-mapping>
<role-name>mycust_role</role-name>
<group-name>mycust_group</group-name>
</security-role-mapping>
</sun-application> -
Problem starting the sunone webserver 6.1 sp4
Hi,
I am facing problem with starting sunone webserver 6.1 sp4.
Server is starting fine on one of the IPs configured on the box but not starting on other IPs although these IPs are pingable.I assign port nos.
I am getting following logs.
Server Start Up
Status:
*[https-test]: start failed. (0: SSL_ERROR_NO_CERTIFICATE: unable to find the certificate or key necessary for authentication)*
*[https-test]: Sun ONE Web Server 6.1SP4 B01/20/2005 17:43*
*[https-test]: fine: Emulating writev for filter http-compression*
*[https-test]: fine: Emulating sendfile for filter http-compression*
*[https-test]: fine: HTTP3063: KeepAliveTimeout is 30 seconds (default value)*
*[https-test]: fine: HTTP3067: PostThreadsEarly set to off*
*[https-test]: fine: createAdminChannel()*
*[https-test]: fine: CORE3047: Server spawned worker process 25518*
*[https-test]: fine: HTTP5169: User authentication cache entries expire in 120 seconds.*
*[https-test]: fine: HTTP5170: User authentication cache holds 200 users*
*[https-test]: fine: HTTP5171: Up to 4 groups are cached for each cached user.*
*[https-test]: info: CORE3016: daemon is running as super-user*
*[https-test]: fine: HTTP4207: file cache module initialized (API versions 1 through 1)*
*[https-test]: fine: HTTP4302: file cache has been initialized*
*[https-test]: fine: HTTP3066: MaxKeepAliveConnections set to 256*
*[https-test]: warning: CORE1251: On group ls1, servername test does not match subject "login.secure.com" of certificate Server-Cert.*
*[https-test]: warning: CORE1250: In secure virtual server https-test, urlhost test does not match subject "login.secure.com" of certificate Server-Cert.*
*[https-test]: fine: Installed configuration 1*
*[https-test]: fine: jvm stickyAttach: 1*
*[https-test]: fine: jvm option: -DJAVA_HOME=/opt/software/sunone/bin/https/jdk*
*[https-test]: fine: jvm option: -Dcom.sun.web.installRoot=/opt/software/sunone*
*[https-test]: fine: jvm option: -Dcom.sun.web.instanceRoot=/opt/software/sunone*
*[https-test]: fine: jvm option: exit*
*[https-test]: fine: jvm option: vfprintf*
*[https-test]: fine: jvm option: -Djava.security.auth.login.config=/opt/software/sunone/https-test/config/login.conf*
*[https-test]: fine: jvm option: -Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager*
*[https-test]: fine: jvm option: -Xmx256m*
*[https-test]: fine: jvm option: -Djava.class.path=/opt/software/sunone/bin/https/jar/webserv-rt.jar:/opt/software/sunone/bin/https/jdk/lib/tools.jar:/opt/software/sunone/bin/https/jar/webserv-ext.jar:/opt/software/sunone/bin/https/jar/webserv-jstl.jar:/opt/software/sunone/bin/https/jar/ktsearch.jar::*
*[https-test]: fine: Emulating writev for filter j2ee-filter*
*[https-test]: fine: Emulating sendfile for filter j2ee-filter*
*[https-test]: fine: reinitializeLogger: javax.enterprise.system.core com.sun.logging.enterprise.system.core.LogStrings FINEST*
*[https-test]: fine: reinitializeLogger: null FINEST*
*[https-test]: fine: reinitializeLogger: global null FINEST*
*[https-test]: fine: reinitializeLogger: javax.enterprise.system.util com.sun.logging.enterprise.system.util.LogStrings FINEST*
*[https-test]: fine: reinitializeLogger: javax.enterprise.system.core.config com.sun.logging.enterprise.system.core.config.LogStrings FINEST*
*[https-test]: info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.4.2_04] from [Sun Microsystems Inc.]*
*[https-test]: fine: initializeServerLogger: javax.enterprise.system.core.classloading com.sun.logging.enterprise.system.core.classloading.LogStrings FINEST*
*[https-test]: fine: initializeServerLogger: javax.enterprise.system.container.web com.sun.logging.enterprise.system.container.web.LogStrings FINEST*
*[https-test]: fine: WEB7101: Naming Service has been successfully initialized.*
*[https-test]: fine: initializeServerLogger: javax.enterprise.resource com.sun.logging.enterprise.resource.LogStrings FINEST*
*[https-test]: fine: WEB7010: Resource Manager has been successfully initialized.*
*[https-test]: fine: initializeServerLogger: javax.enterprise.system.core.security com.sun.logging.enterprise.system.core.security.LogStrings FINEST*
*[https-test]: fine: Initializing configured realms.*
*[https-test]: fine: FileRealm : file=/opt/software/sunone/https-test/config/keyfile*
*[https-test]: fine: FileRealm : jaas-context=fileRealm*
*[https-test]: fine: Reading file realm: /opt/software/sunone/https-test/config/keyfile*
*[https-test]: fine: Configured realm: file*
*[https-test]: fine: NativeRealm: auth-db= null (will use default)*
*[https-test]: fine: NativeRealm : jaas-context=nativeRealm*
*[https-test]: fine: Configured realm: native*
*[https-test]: fine: LDAPRealm : directory=ldap://localhost:389*
*[https-test]: fine: LDAPRealm : base-dn=o=isp*
*[https-test]: fine: LDAPRealm : jndiCtxFactory=com.sun.jndi.ldap.LdapCtxFactory*
*[https-test]: fine: LDAPRealm : jaas-context=ldapRealm*
*[https-test]: fine: LDAPRealm : mode=find-bind*
*[https-test]: fine: LDAPRealm : search-filter=uid=%s*
*[https-test]: fine: LDAPRealm : group-base-dn=o=isp*
*[https-test]: fine: LDAPRealm : group-search-filter=uniquemember=%d*
*[https-test]: fine: LDAPRealm : group-target=cn*
*[https-test]: fine: LDAPRealm : search-bind-dn=null*
*[https-test]: fine: LDAPRealm : search-bind-password=null*
*[https-test]: fine: LDAPRealm : pool-size=5*
*[https-test]: fine: LDAPRealm : authentication=simple*
*[https-test]: fine: Configured realm: ldap*
*[https-test]: finest: Realm: getInstance returning realm :native*
*[https-test]: fine: Default realm is set to: native*
*[https-test]: fine: Application server configuration file: /opt/software/sunone/https-test/config/server.xml*
*[https-test]: fine: Application Server default locale is en*
*[https-test]: fine: Web container log level: FINEST*
*[https-test]: finer: Creating engine*
*[https-test]: finer: Adding engine (org.apache.catalina.core.StandardEngine/1.0)*
*[https-test]: info: WEB0100: Loading web module in virtual server [https-test] at [search]*
*[https-test]: finer: Creating Loader with parent class loader 'sun.misc.Launcher$AppClassLoader@67ac19'*
*[https-test]: fine: WebModule[search]: Setting delegate to false*
*[https-test]: fine: Default role is: ANYONE*
*[https-test]: fine: WEB0100: Loading web module in virtual server [https-test] at []*
*[https-test]: finer: Creating Loader with parent class loader 'sun.misc.Launcher$AppClassLoader@67ac19'*
*[https-test]: fine: WebModule[]: Setting delegate to false*
*[https-test]: fine: Successfully initialized web application environment for virtual server [https-test]*
*[https-test]: finer: Starting embedded server*
*[https-test]: finer: Naming prefixes property is set to: org.apache.naming*
*[https-test]: finer: Naming initial context factory property is set to: org.apache.naming.java.javaURLContextFactory*
*[https-test]: finer: WebModule[search]: Starting*
*[https-test]: finer: WebModule[search]: Processing start(), current available=false*
*[https-test]: finer: WebModule[search]: Configuring default Resources*
*[https-test]: finer: WebModule[search]: Processing standard container startup*
*[https-test]: finer: WebappLoader[search]: WEB3106: Deploying class repositories to work directory /opt/software/sunone/https-test/ClassCache/https-test/search*
*[https-test]: finer: WebappLoader[search]: WEB3107: Deploy JAR /WEB-INF/lib/messages.jar to /opt/software/sunone/bin/https/webapps/search/WEB-INF/lib/messages.jar*
*[https-test]: finer: StandardManager[search]: WEB3421: Seeding random number generator class java.security.SecureRandom*
*[https-test]: finer: StandardManager[search]: WEB3417: Seeding of random number generator has been completed*
*[https-test]: finer: ContextConfig[search]: WEB3539: ContextConfig: Processing START*
*[https-test]: finer: WebModule[search]: Setting deployment descriptor public ID to '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN'*
*[https-test]: finer: WebModule[search]: Setting deployment descriptor public ID to '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN'*
*[https-test]: finer: ContextConfig[search]: Scanning web.xml tag libraries*
*[https-test]: finer: ContextConfig[search]: URI='/search', ResourcePath='/WEB-INF/sun-web-search.tld'*
*[https-test]: finer: ContextConfig[search]: tldConfigJar(/WEB-INF/sun-web-search.tld): java.util.zip.ZipException: error in opening zip file*
*[https-test]: finer: ContextConfig[search]: URI='/jstl-fmt', ResourcePath='/WEB-INF/fmt.tld'*
*[https-test]: finer: ContextConfig[search]: tldConfigJar(/WEB-INF/fmt.tld): java.util.zip.ZipException: error in opening zip file*
*[https-test]: finer: ContextConfig[search]: Scanning library JAR files*
*[https-test]: finest: Realm name has been set to: native*
*[https-test]: finest: Realm: getInstance returning realm :native*
*[https-test]: finest: The realm native is a NativeRealm.*
*[https-test]: finer: ContextConfig[search]: Pipeline Configuration:*
*[https-test]: finer: ContextConfig[search]: org.apache.catalina.core.StandardContextValve/1.0*
*[https-test]: finer: ContextConfig[search]: ======================*
*[https-test]: finer: WebModule[search]: Configuring application event listeners*
*[https-test]: finer: WebModule[search]: Sending application start events*
*[https-test]: finer: WebModule[search]: Starting filters*
*[https-test]: finer: WebModule[search]: Posting standard context attributes*
*[https-test]: finer: StandardWrapper[search:invoker]: WEB2770: Loading container servlet invoker*
*[https-test]: info: WEB2798: [search] ServletContext.log(): WEB3946: Parent class loader is: WebappClassLoader*
*[https-test]: available:*
*[https-test]: delegate: false*
*[https-test]: repositories:*
*[https-test]: required:*
*[https-test]: ----------> Parent Classloader:*
*[https-test]: sun.misc.Launcher$AppClassLoader@67ac19*
*[https-test]:*
*[https-test]: info: WEB2798: [search] ServletContext.log(): WEB3945: Scratch dir for the JSP engine is: /opt/software/sunone/https-test/ClassCache/https-test/search*
*[https-test]: info: WEB2798: [search] ServletContext.log(): WEB3947: IMPORTANT: Do not modify the generated servlets*
*[https-test]: finer: WebModule[search]: Starting completed*
*[https-test]: finer: WebModule[]: Starting*
*[https-test]: finer: WebModule[]: Processing start(), current available=false*
*[https-test]: finer: WebModule[]: Configuring default Resources*
*[https-test]: finer: WebModule[]: Processing standard container startup*
*[https-test]: finer: WebappLoader[]: WEB3106: Deploying class repositories to work directory /opt/software/sunone/https-test/ClassCache/https-test/default-webapp*
*[https-test]: finer: StandardManager[]: WEB3421: Seeding random number generator class java.security.SecureRandom*
*[https-test]: finer: StandardManager[]: WEB3417: Seeding of random number generator has been completed*
*[https-test]: finer: ContextConfig[]: WEB3539: ContextConfig: Processing START*
*[https-test]: finer: WebModule[]: Setting deployment descriptor public ID to '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN'*
*[https-test]: finer: ContextConfig[]: WEB3523: Missing application web.xml, using defaults only*
*[https-test]: finer: ContextConfig[]: Scanning web.xml tag libraries*
*[https-test]: finer: ContextConfig[]: Scanning library JAR files*
*[https-test]: finest: Realm name has been set to: native*
*[https-test]: finest: Realm: getInstance returning realm :native*
*[https-test]: finest: The realm native is a NativeRealm.*
*[https-test]: finer: ContextConfig[]: Pipeline Configuration:*
*[https-test]: finer: ContextConfig[]: org.apache.catalina.core.StandardContextValve/1.0*
*[https-test]: finer: ContextConfig[]: ======================*
*[https-test]: finer: WebModule[]: Configuring application event listeners*
*[https-test]: finer: WebModule[]: Sending application start events*
*[https-test]: finer: WebModule[]: Starting filters*
*[https-test]: finer: WebModule[]: Posting standard context attributes*
*[https-test]: finer: StandardWrapper[:invoker]: WEB2770: Loading container servlet invoker*
*[https-test]: info: WEB2798: [] ServletContext.log(): WEB3946: Parent class loader is: WebappClassLoader*
*[https-test]: available:*
*[https-test]: delegate: false*
*[https-test]: repositories:*
*[https-test]: required:*
*[https-test]: ----------> Parent Classloader:*
*[https-test]: sun.misc.Launcher$AppClassLoader@67ac19*
*[https-test]:*
*[https-test]: finer: WebModule[]: Starting completed*
*[https-test]: fine: Adding web module : context = /search, location = /opt/software/sunone/bin/https/webapps/search*
*[https-test]: fine: adding pattern "/advanced" for resource "AdvSearchServlet"*
*[https-test]: fine: adding pattern "/servlet/*" for resource "invoker"*
*[https-test]: fine: adding pattern "*.jsp" for resource "jsp"*
*[https-test]: fine: Adding web module : context = , location = /opt/software/sunone/docs*
*[https-test]: fine: adding pattern "*.jsp" for resource "jsp"*
*[https-test]: fine: adding pattern "/servlet/*" for resource "invoker"*
*[https-test]: fine: Waiting until the server is ready*
*[https-test]: startup failure: could not bind to 172.26.51.90:443 (Cannot assign requested address)*
*[https-test]: failure: HTTP3127: [LS ls1] https://172.26.51.90:443: Error creating socket (Cannot assign requested address)*
*[https-test]: failure: HTTP3094: 1 listen sockets could not be created*
*[https-test]: failure: CORE3186: Failed to set configuration*
*[https-test]: failure: server initialization failed*
Please suggest/help.
Regards,
AshfaqueThe error message "Cannot assign requested address" means exactly that: Web Server has been configured to listen for requests on an IP address for which your operating system is not configured. You can a) change your Web Server configuration so it listens on 0.0.0.0 (meaning all configured IP addresses), b) change your Web Server configuration so it listens on a specific IP address for which your operating system is configured, or c) configure your operating system for IP address 172.26.51.90.
The problem is not related to certificates or ports. -
Security realm - Security:097533 - Developing own authentication provider
hi everyone,
i Developing own authentication provider and i installed a security patch, so while i restarting the weblogic server encountered the below Exeption:
<10/05/2013 05:54:33 PM COT> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified..
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:341)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:220)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1789)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:443)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:46)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:42)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
Truncated. see log file for complete stacktrace
this is the config.xml :
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/security/extension http://xmlns.oracle.com/weblogic/1.0/security.xsd">
<name>base_domain</name>
<domain-version>12.1.1.0</domain-version>
<security-configuration>
<name>base_domain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xmlns:ext="http://xmlns.oracle.com/weblogic/security/extension" xsi:type="ext:as400-realmType">
<sec:name>AS400Realm</sec:name>
<sec:control-flag>OPTIONAL</sec:control-flag>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:user-lockout-manager>
<sec:lockout-enabled>false</sec:lockout-enabled>
</sec:user-lockout-manager>
<sec:deploy-role-ignored>false</sec:deploy-role-ignored>
<sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
<sec:security-dd-model>DDOnly</sec:security-dd-model>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{AES}kyVB/9J9Fbvp11tAnYgn6grV6wQwNZZGHSh2JLQtesxS46Re+QCfIAttNE5JugllQvUHOhE+pz0AnEfYL2p5q2oeRsjqoQz2/1Lg8x+3WMoKic0xnRzw2RWoFjQo3F9x</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{AES}4jkSbv5dMOl6cRpRa4QwB83XVavtq168cV4L+NSFDcI=</node-manager-password-encrypted>
<cross-domain-security-enabled>true</cross-domain-security-enabled>
</security-configuration>
<server>
<name>AdminServer</name>
<listen-address>localhost</listen-address>
<staging-mode>nostage</staging-mode>
</server>
<embedded-ldap>
<name>base_domain</name>
<credential-encrypted>{AES}9YeG1UFRNQzM0v6/j8cFvT9x9fkJUl1FJOWGInl5dax26FgMNEVwKNxOBHvW2opm</credential-encrypted>
</embedded-ldap>
<configuration-version>12.1.1.0</configuration-version>
this is the mbean xml (A400Realmmbean.xml):
<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<MBeanType Name = "AS400Realm" DisplayName = "AS400Realm"
Package = "co.com.claro.security"
Extends = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate"
>
<MbeanAttribute Name = "ProviderClassName" Type = "java.lang.String"
Writeable = "false"
Default =
""co.com.claro.AS400Realm""
/>
<MBeanAttribute Name = "Description" Type = "java.lang.String"
Writeable = "false" Default = ""My Identity Assertion Provider""
/>
<MBeanAttribute Name = "Version" Type = "java.lang.String"
Writeable = "false" Default = ""1.0""
/>
</MBeanType>
and the runtime class:
AS400Realm.java:
* To change this template, choose Tools | Templates
* and open the template in the editor.
package co.com.claro.security;
import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.spi.AuthenticationProviderV2;
import weblogic.security.spi.IdentityAsserterV2;
import weblogic.security.spi.PrincipalValidator;
import weblogic.security.spi.SecurityServices;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
public final class AS400Realm implements AuthenticationProviderV2
private String description;
// private SimpleSampleAuthenticatorDatabase database;
private LoginModuleControlFlag controlFlag;
// public String PARAM_JAAS_CONTEXT = "jaas-context";
// public String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
// public String DEFAULT_GROUP_NAME = "default";
public void initialize(ProviderMBean mbean, SecurityServices services)
System.out.println("AS400Realm.initialize");
AS400RealmMBean myMBean = (AS400RealmMBean)mbean;
description = myMBean.getDescription() + "\n" + myMBean.getVersion();
// database = new SimpleSampleAuthenticatorDatabase(myMBean);
String flag = myMBean.getControlFlag();
if (flag.equalsIgnoreCase("REQUIRED")) {
controlFlag = LoginModuleControlFlag.REQUIRED;
} else if (flag.equalsIgnoreCase("OPTIONAL")) {
controlFlag = LoginModuleControlFlag.OPTIONAL;
} else if (flag.equalsIgnoreCase("REQUISITE")) {
controlFlag = LoginModuleControlFlag.REQUISITE;
} else if (flag.equalsIgnoreCase("SUFFICIENT")) {
controlFlag = LoginModuleControlFlag.SUFFICIENT;
} else {
throw new IllegalArgumentException("invalid flag value" + flag);
public String getDescription()
return description;
public void shutdown()
System.out.println("AS400Realm.shutdown");
private AppConfigurationEntry getConfiguration(HashMap options)
options.put("PARAM_DATASOURCE_NAME", "jdbc/Oracle");
return new
AppConfigurationEntry(
"co.com.claro.security.AS400LoginModule",
controlFlag,
options
public AppConfigurationEntry getLoginModuleConfiguration()
HashMap options = new HashMap();
return getConfiguration(options);
public AppConfigurationEntry getAssertionModuleConfiguration()
HashMap options = new HashMap();
options.put("IdentityAssertion","true");
return getConfiguration(options);
public PrincipalValidator getPrincipalValidator()
return new PrincipalValidatorImpl();
public IdentityAsserterV2 getIdentityAsserter()
return null;
AS400LoginModule.java :
* To change this template, choose Tools | Templates
* and open the template in the editor.
package co.com.claro.security;
import com.ibm.as400.access.AS400;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Enumeration;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;
import weblogic.security.spi.WLSGroup;
import weblogic.security.spi.WLSUser;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
* @author dmunoz
final public class AS400LoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
private String DEFAULT_GROUP_NAME = "default";
// Determine whether this is a login or assert identity
private boolean isIdentityAssertion;
// Authentication status
private boolean loginSucceeded;
private boolean principalsInSubject;
private Vector principalsForSubject = new Vector();
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
// only called (once!) after the constructor and before login
System.out.println("SimpleSampleLoginModuleImpl.initialize");
this.subject = subject;
this.callbackHandler = callbackHandler;
// Check for Identity Assertion option
isIdentityAssertion =
"true".equalsIgnoreCase((String) options.get("IdentityAssertion"));
private boolean authenticateAS400(String user, String passwd) throws Exception {
String host ="172.31.2.80";//Config.getProperty(Config.AS400_AUTHENTICATION_HOST);
AS400 as400System;
as400System = new AS400(host, user, passwd);
return as400System.validateSignon();
public boolean login() throws LoginException {
// only called (once!) after initialize
System.out.println("SimpleSampleLoginModuleImpl.login");
// loginSucceeded should be false
// principalsInSubject should be false
Callback[] callbacks = getCallbacks();
String userName = getUserName(callbacks);
if (userName.length() > 0) {
if (!isIdentityAssertion) {
String passwordHave = getPasswordHave(userName, callbacks);
try{
loginSucceeded = authenticateAS400(userName, passwordHave);
}catch(Exception e){
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.WARNING, null, e);
throw new LoginException(e.getMessage());
} else {
// anonymous login - let it through?
System.out.println("\tempty userName");
if (loginSucceeded) {
principalsForSubject.add(new WLSUserImpl(userName));
addGroupsForSubject(userName);
return loginSucceeded;
public boolean commit() throws LoginException {
// only called (once!) after login
// loginSucceeded should be true or false
// principalsInSubject should be false
// user should be null if !loginSucceeded, null or not-null otherwise
// group should be null if user == null, null or not-null otherwise
System.out.println("SimpleSampleLoginModule.commit");
if (loginSucceeded) {
subject.getPrincipals().addAll(principalsForSubject);
principalsInSubject = true;
return true;
} else {
return false;
public boolean abort() throws LoginException {
// The abort method is called to abort the authentication process. This is
// phase 2 of authentication when phase 1 fails. It is called if the
// LoginContext's overall authentication failed.
// loginSucceeded should be true or false
// user should be null if !loginSucceeded, otherwise null or not-null
// group should be null if user == null, otherwise null or not-null
// principalsInSubject should be false if user is null, otherwise true
// or false
System.out.println("SimpleSampleLoginModule.abort");
if (principalsInSubject) {
subject.getPrincipals().removeAll(principalsForSubject);
principalsInSubject = false;
return true;
public boolean logout() throws LoginException {
// should never be called
System.out.println("SimpleSampleLoginModule.logout");
return true;
private void throwLoginException(String msg) throws LoginException {
System.out.println("Throwing LoginException(" + msg + ")");
throw new LoginException(msg);
private void throwFailedLoginException(String msg) throws FailedLoginException {
System.out.println("Throwing FailedLoginException(" + msg + ")");
throw new FailedLoginException(msg);
private Callback[] getCallbacks() throws LoginException {
if (callbackHandler == null) {
throwLoginException("No CallbackHandler Specified");
Callback[] callbacks;
if (isIdentityAssertion) {
callbacks = new Callback[1];
} else {
callbacks = new Callback[2];
callbacks[1] = new PasswordCallback("password: ", false);
callbacks[0] = new NameCallback("username: ");
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
throw new LoginException(e.toString());
} catch (UnsupportedCallbackException e) {
throwLoginException(e.toString() + " " + e.getCallback().toString());
return callbacks;
private String getUserName(Callback[] callbacks) throws LoginException {
String userName = ((NameCallback) callbacks[0]).getName();
if (userName == null) {
throwLoginException("Username not supplied.");
System.out.println("\tuserName\t= " + userName);
return userName;
private void addGroupsForSubject(String userName) {
try {
for (Enumeration e = getGroupNamesAS400(userName);
e.hasMoreElements();) {
String groupName = (String) e.nextElement();
System.out.println("\tgroupName\t= " + groupName);
principalsForSubject.add(new WLSGroupImpl(groupName));
} catch (Exception ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
public Enumeration getGroupNamesAS400(String usuario)
throws Exception {
if(usuario == null) {
throw new Exception("Usuario no puede ser vacio");
Vector<String> grupos = new Vector<String>();
grupos.add(DEFAULT_GROUP_NAME);
Connection conn = null;
ResultSet rs = null;
PreparedStatement statement = null;
try {
Context c = new InitialContext();
DataSource dst = (DataSource) c.lookup(PARAM_DATASOURCE_NAME);
conn = dst.getConnection();
String query = "SELECT COD_ROL AS ROL " +
"FROM gestionnew.us_rol_perfil " +
"JOIN gestionnew.usuarios " +
"ON us_rol_perfil.id_perfil = usuarios.id_perfil " +
"WHERE upper(usuarios.usuariorr) = ?";
statement = conn.prepareStatement(query);
statement.setString(1, usuario.toUpperCase());
rs = statement.executeQuery();
while (rs.next()) {
grupos.add(rs.getString("ROL"));
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
} catch (NamingException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
} finally {
if (conn != null) {
try {
conn.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
if (rs != null) {
try {
rs.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
if (statement != null) {
try {
statement.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
return grupos.elements();
private String getPasswordHave(String userName, Callback[] callbacks) throws
LoginException {
PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
char[] password = passwordCallback.getPassword();
passwordCallback.clearPassword();
if (password == null || password.length < 1) {
throwLoginException("Authentication Failed: User " + userName +
". Password not supplied");
String passwd = new String(password);
System.out.println("\tpasswordHave\t= " + passwd);
return passwd;
thankshi everyone,
i Developing own authentication provider and i installed a security patch, so while i restarting the weblogic server encountered the below Exeption:
<10/05/2013 05:54:33 PM COT> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified..
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:341)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:220)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1789)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:443)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:46)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:42)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
Truncated. see log file for complete stacktrace
this is the config.xml :
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/security/extension http://xmlns.oracle.com/weblogic/1.0/security.xsd">
<name>base_domain</name>
<domain-version>12.1.1.0</domain-version>
<security-configuration>
<name>base_domain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xmlns:ext="http://xmlns.oracle.com/weblogic/security/extension" xsi:type="ext:as400-realmType">
<sec:name>AS400Realm</sec:name>
<sec:control-flag>OPTIONAL</sec:control-flag>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:user-lockout-manager>
<sec:lockout-enabled>false</sec:lockout-enabled>
</sec:user-lockout-manager>
<sec:deploy-role-ignored>false</sec:deploy-role-ignored>
<sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
<sec:security-dd-model>DDOnly</sec:security-dd-model>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{AES}kyVB/9J9Fbvp11tAnYgn6grV6wQwNZZGHSh2JLQtesxS46Re+QCfIAttNE5JugllQvUHOhE+pz0AnEfYL2p5q2oeRsjqoQz2/1Lg8x+3WMoKic0xnRzw2RWoFjQo3F9x</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{AES}4jkSbv5dMOl6cRpRa4QwB83XVavtq168cV4L+NSFDcI=</node-manager-password-encrypted>
<cross-domain-security-enabled>true</cross-domain-security-enabled>
</security-configuration>
<server>
<name>AdminServer</name>
<listen-address>localhost</listen-address>
<staging-mode>nostage</staging-mode>
</server>
<embedded-ldap>
<name>base_domain</name>
<credential-encrypted>{AES}9YeG1UFRNQzM0v6/j8cFvT9x9fkJUl1FJOWGInl5dax26FgMNEVwKNxOBHvW2opm</credential-encrypted>
</embedded-ldap>
<configuration-version>12.1.1.0</configuration-version>
this is the mbean xml (A400Realmmbean.xml):
<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<MBeanType Name = "AS400Realm" DisplayName = "AS400Realm"
Package = "co.com.claro.security"
Extends = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate"
>
<MbeanAttribute Name = "ProviderClassName" Type = "java.lang.String"
Writeable = "false"
Default =
""co.com.claro.AS400Realm""
/>
<MBeanAttribute Name = "Description" Type = "java.lang.String"
Writeable = "false" Default = ""My Identity Assertion Provider""
/>
<MBeanAttribute Name = "Version" Type = "java.lang.String"
Writeable = "false" Default = ""1.0""
/>
</MBeanType>
and the runtime class:
AS400Realm.java:
* To change this template, choose Tools | Templates
* and open the template in the editor.
package co.com.claro.security;
import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.spi.AuthenticationProviderV2;
import weblogic.security.spi.IdentityAsserterV2;
import weblogic.security.spi.PrincipalValidator;
import weblogic.security.spi.SecurityServices;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
public final class AS400Realm implements AuthenticationProviderV2
private String description;
// private SimpleSampleAuthenticatorDatabase database;
private LoginModuleControlFlag controlFlag;
// public String PARAM_JAAS_CONTEXT = "jaas-context";
// public String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
// public String DEFAULT_GROUP_NAME = "default";
public void initialize(ProviderMBean mbean, SecurityServices services)
System.out.println("AS400Realm.initialize");
AS400RealmMBean myMBean = (AS400RealmMBean)mbean;
description = myMBean.getDescription() + "\n" + myMBean.getVersion();
// database = new SimpleSampleAuthenticatorDatabase(myMBean);
String flag = myMBean.getControlFlag();
if (flag.equalsIgnoreCase("REQUIRED")) {
controlFlag = LoginModuleControlFlag.REQUIRED;
} else if (flag.equalsIgnoreCase("OPTIONAL")) {
controlFlag = LoginModuleControlFlag.OPTIONAL;
} else if (flag.equalsIgnoreCase("REQUISITE")) {
controlFlag = LoginModuleControlFlag.REQUISITE;
} else if (flag.equalsIgnoreCase("SUFFICIENT")) {
controlFlag = LoginModuleControlFlag.SUFFICIENT;
} else {
throw new IllegalArgumentException("invalid flag value" + flag);
public String getDescription()
return description;
public void shutdown()
System.out.println("AS400Realm.shutdown");
private AppConfigurationEntry getConfiguration(HashMap options)
options.put("PARAM_DATASOURCE_NAME", "jdbc/Oracle");
return new
AppConfigurationEntry(
"co.com.claro.security.AS400LoginModule",
controlFlag,
options
public AppConfigurationEntry getLoginModuleConfiguration()
HashMap options = new HashMap();
return getConfiguration(options);
public AppConfigurationEntry getAssertionModuleConfiguration()
HashMap options = new HashMap();
options.put("IdentityAssertion","true");
return getConfiguration(options);
public PrincipalValidator getPrincipalValidator()
return new PrincipalValidatorImpl();
public IdentityAsserterV2 getIdentityAsserter()
return null;
AS400LoginModule.java :
* To change this template, choose Tools | Templates
* and open the template in the editor.
package co.com.claro.security;
import com.ibm.as400.access.AS400;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Enumeration;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;
import weblogic.security.spi.WLSGroup;
import weblogic.security.spi.WLSUser;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
* @author dmunoz
final public class AS400LoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
private String DEFAULT_GROUP_NAME = "default";
// Determine whether this is a login or assert identity
private boolean isIdentityAssertion;
// Authentication status
private boolean loginSucceeded;
private boolean principalsInSubject;
private Vector principalsForSubject = new Vector();
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
// only called (once!) after the constructor and before login
System.out.println("SimpleSampleLoginModuleImpl.initialize");
this.subject = subject;
this.callbackHandler = callbackHandler;
// Check for Identity Assertion option
isIdentityAssertion =
"true".equalsIgnoreCase((String) options.get("IdentityAssertion"));
private boolean authenticateAS400(String user, String passwd) throws Exception {
String host ="172.31.2.80";//Config.getProperty(Config.AS400_AUTHENTICATION_HOST);
AS400 as400System;
as400System = new AS400(host, user, passwd);
return as400System.validateSignon();
public boolean login() throws LoginException {
// only called (once!) after initialize
System.out.println("SimpleSampleLoginModuleImpl.login");
// loginSucceeded should be false
// principalsInSubject should be false
Callback[] callbacks = getCallbacks();
String userName = getUserName(callbacks);
if (userName.length() > 0) {
if (!isIdentityAssertion) {
String passwordHave = getPasswordHave(userName, callbacks);
try{
loginSucceeded = authenticateAS400(userName, passwordHave);
}catch(Exception e){
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.WARNING, null, e);
throw new LoginException(e.getMessage());
} else {
// anonymous login - let it through?
System.out.println("\tempty userName");
if (loginSucceeded) {
principalsForSubject.add(new WLSUserImpl(userName));
addGroupsForSubject(userName);
return loginSucceeded;
public boolean commit() throws LoginException {
// only called (once!) after login
// loginSucceeded should be true or false
// principalsInSubject should be false
// user should be null if !loginSucceeded, null or not-null otherwise
// group should be null if user == null, null or not-null otherwise
System.out.println("SimpleSampleLoginModule.commit");
if (loginSucceeded) {
subject.getPrincipals().addAll(principalsForSubject);
principalsInSubject = true;
return true;
} else {
return false;
public boolean abort() throws LoginException {
// The abort method is called to abort the authentication process. This is
// phase 2 of authentication when phase 1 fails. It is called if the
// LoginContext's overall authentication failed.
// loginSucceeded should be true or false
// user should be null if !loginSucceeded, otherwise null or not-null
// group should be null if user == null, otherwise null or not-null
// principalsInSubject should be false if user is null, otherwise true
// or false
System.out.println("SimpleSampleLoginModule.abort");
if (principalsInSubject) {
subject.getPrincipals().removeAll(principalsForSubject);
principalsInSubject = false;
return true;
public boolean logout() throws LoginException {
// should never be called
System.out.println("SimpleSampleLoginModule.logout");
return true;
private void throwLoginException(String msg) throws LoginException {
System.out.println("Throwing LoginException(" + msg + ")");
throw new LoginException(msg);
private void throwFailedLoginException(String msg) throws FailedLoginException {
System.out.println("Throwing FailedLoginException(" + msg + ")");
throw new FailedLoginException(msg);
private Callback[] getCallbacks() throws LoginException {
if (callbackHandler == null) {
throwLoginException("No CallbackHandler Specified");
Callback[] callbacks;
if (isIdentityAssertion) {
callbacks = new Callback[1];
} else {
callbacks = new Callback[2];
callbacks[1] = new PasswordCallback("password: ", false);
callbacks[0] = new NameCallback("username: ");
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
throw new LoginException(e.toString());
} catch (UnsupportedCallbackException e) {
throwLoginException(e.toString() + " " + e.getCallback().toString());
return callbacks;
private String getUserName(Callback[] callbacks) throws LoginException {
String userName = ((NameCallback) callbacks[0]).getName();
if (userName == null) {
throwLoginException("Username not supplied.");
System.out.println("\tuserName\t= " + userName);
return userName;
private void addGroupsForSubject(String userName) {
try {
for (Enumeration e = getGroupNamesAS400(userName);
e.hasMoreElements();) {
String groupName = (String) e.nextElement();
System.out.println("\tgroupName\t= " + groupName);
principalsForSubject.add(new WLSGroupImpl(groupName));
} catch (Exception ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
public Enumeration getGroupNamesAS400(String usuario)
throws Exception {
if(usuario == null) {
throw new Exception("Usuario no puede ser vacio");
Vector<String> grupos = new Vector<String>();
grupos.add(DEFAULT_GROUP_NAME);
Connection conn = null;
ResultSet rs = null;
PreparedStatement statement = null;
try {
Context c = new InitialContext();
DataSource dst = (DataSource) c.lookup(PARAM_DATASOURCE_NAME);
conn = dst.getConnection();
String query = "SELECT COD_ROL AS ROL " +
"FROM gestionnew.us_rol_perfil " +
"JOIN gestionnew.usuarios " +
"ON us_rol_perfil.id_perfil = usuarios.id_perfil " +
"WHERE upper(usuarios.usuariorr) = ?";
statement = conn.prepareStatement(query);
statement.setString(1, usuario.toUpperCase());
rs = statement.executeQuery();
while (rs.next()) {
grupos.add(rs.getString("ROL"));
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
} catch (NamingException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
} finally {
if (conn != null) {
try {
conn.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
if (rs != null) {
try {
rs.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
if (statement != null) {
try {
statement.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
return grupos.elements();
private String getPasswordHave(String userName, Callback[] callbacks) throws
LoginException {
PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
char[] password = passwordCallback.getPassword();
passwordCallback.clearPassword();
if (password == null || password.length < 1) {
throwLoginException("Authentication Failed: User " + userName +
". Password not supplied");
String passwd = new String(password);
System.out.println("\tpasswordHave\t= " + passwd);
return passwd;
thanks -
ORA-27101: shared memory realm does not exist urgent cannot connect
Hi i can't succeed connectivity test with netmgr
Initializing first test to use userid: scott, password: tiger
Attempting to connect using userid: scott
The test did not succeed.
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Linux Error: 2: No such file or directory
There may be an error in the fields entered,
or the server may not be ready for a connection.
Here is what i get from tcpdump:
0x00a0: 5241 2d30 3130 3334 3a20 4f52 4143 4c45 RA-01034:.ORACLE
0x00b0: 206e 6f74 2061 7661 696c 6162 6c65 0a4f .not.available.O
0x00c0: 5241 2d32 3731 3031 3a20 7368 6172 6564 RA-27101:.shared
0x00d0: 206d 656d 6f72 7920 7265 616c 6d20 646f .memory.realm.do
0x00e0: 6573 206e 6f74 2065 7869 7374 0a4c 696e es.not.exist.Lin
0x00f0: 7578 2045 7272 6f72 3a20 323a 204e 6f20 ux.Error:.2:.No.
0x0100: 7375 6368 2066 696c 6520 6f72 2064 6972 such.file.or.dir
0x0110: 6563 746f 7279 0a ectory.
Here an attempt with sqlplus that didn't work
sqlplus scott/tiger@CHUCKY
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Mar 29 17:05:03 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Linux Error: 2: No such file or directory
Another attempt with sqlplus that succeed i dunno why
oracle@debian:~$ sqlplus scott/tiger
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Mar 29 17:06:02 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
Can someone help me to understand what is wrong please?user499283 wrote:
Well I don't understand exactly what you mean
here is the listener status
SNRCTL for Linux: Version 10.2.0.1.0 - Production on 29-MAR-2006 18:24:33
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=debian)(PORT=1521)))
Services Summary...
Service "CHUCKY" has 1 instance(s).
Instance "CHUCKYSON", status UNKNOWN, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:3 refused:0
LOCAL SERVER
Service "chucky.rss-global.com" has 1 instance(s).
Instance "CHUCKY", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:0 refused:0 state:ready
LOCAL SERVER
Service "chuckyXDB.rss-global.com" has 1 instance(s).
Instance "CHUCKY", status READY, has 1 handler(s) for this service...
Handler(s):
"D000" established:0 refused:0 current:0 max:1022 state:ready
DISPATCHER <machine: debian, pid: 11725>
(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=49930))
Service "chucky_XPT.rss-global.com" has 1 instance(s).
Instance "CHUCKY", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:0 refused:0 state:ready
LOCAL SERVER
The command completed successfully
I dont know if it is a good thing i copy an init.ora file to initCHUCKY.ora and now database is using it I have just changed some values in it like control files dbname ... that were pointing to another database maybe this is why i dont manage to get this database runing.
Now i am stucked I dunno what to do
racle@debian:~$ tnsping chucky
TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 29-MAR-2006 18:27:45
Copyright (c) 1997, 2005, Oracle. All rights reserved.
Used parameter files:
/home/oracle/u01/app/oracle/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = debian)(PORT = 1521))) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = CHUCKY)) (HS = OK))
OK (0 msec)
I am so new to it as i understand the listener is working if i beliave what reports tnsping
As I understand the database is started
SQL> startup
ORACLE instance started.
Total System Global Area 167772160 bytes
Fixed Size 1218316 bytes
Variable Size 62916852 bytes
Database Buffers 100663296 bytes
Redo Buffers 2973696 bytes
Database mounted.
Database opened.
As Inunderstand it is listeneing on 1521
netstat -anp | grep 1521
tcp 0 0 0.0.0.0:1521 0.0.0.0:* LISTEN 11762/tnslsnr
tcp 0 0 127.0.0.1:46370 127.0.0.1:1521 ESTABLISHED11703/ora_pmon_CHUC
tcp 0 0 127.0.0.1:1521 127.0.0.1:46370 ESTABLISHED11762/tnslsnr
unix 2 [ ] DGRAM 43990 11521/su
I made a tcpdump i saw the data is comong on localhost port 1521
Synthese I think the listener is runing, the database too, it is making a listen on 1521 port , when I try to connect data arrives on the right interface.
But I can't login by
sqlplus scott/tiger@CHUCKY
qlplus SCOTT/tiger@CHUCKY
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Mar 29 18:32:49 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Linux Error: 2: No such file or directory
I dunno what is this fuckin shared memoryThis fuckin shared memory is how oracle does interprocess communication. When you connect to Oracle, you have to connect to this area. If you tell it the wrong area, it won't find it. You can see the areas with the ipcs command on the server. Since you can connect locally, but can't connect remotely, there is something wrong with how you told Oracle to connect remotely. Remotely can be on the same host if you have an @ in the connect string.
>
env | grep ORACLE
ORACLE_SID=CHUCKY
ORACLE_BASE=/home/oracle
ORACLE_HOME=/home/oracle/u01/app/oracle/oracle/product/10.2.0/db_1/
seems like my variables are good.
Well I dunno what to do I didn't think getting a simple login locally over tcp/ip would be so difficult, I am afraid of what will happen after this will work :) As it should be one of the easiest things on oracle what about the hardest :)Well, first try removing the trailing slash from ORACLE_HOME everywhere, including if you have it in the listener.ora. Then compare the tnsnames.ora ORACLE_HOME with your environment ORACLE_HOME. In fact, if you have a listener.ora, try renaming it to something else and restarting the listener.
That error is normally due to a bad ORACLE_HOME or ORACLE_SID. Since your tnsping works, that indicates the ORACLE_HOME is good. But all that tells you is that the listener responds. Other causes may be inadequate processes in init.ora or case issues with the sid, or just generally not following the installation instructions. But are there installation instructions for debian?
With multiple databases on one host, some kernel parameters may need to be increased. -
Not able to open oim11g console but status is running in weblogic
HI All,
I have configured oim11g and in weblogic its status is running but somehow i am not able to access it, its not even displaying login page.
In logs its says :
/u01/java/bin/java -jrockit -Xms768m -Xmx1536m -Dweblogic.Name=oim_server1 -Djava.security.policy=/u01/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.security.SSL.trustedCAKeyStore=/u01/Oracle/Middleware/wlserver_10.3/server/lib/cacerts -da -Dplatform.home=/u01/Oracle/Middleware/wlserver_10.3 -Dwls.home=/u01/Oracle/Middleware/wlserver_10.3/server -Dweblogic.home=/u01/Oracle/Middleware/wlserver_10.3/server -XX:PermSize=256m -XX:MaxPermSize=512m -Dcommon.components.home=/u01/Oracle/Middleware/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain -Djrockit.optfile=/u01/Oracle/Middleware/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/config/fmwconfig/servers/oim_server1 -Doracle.domain.config.dir=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/config/fmwconfig -Digf.arisidbeans.carmlloc=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/config/fmwconfig/carml -Digf.arisidstack.home=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/servers/oim_server1/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/u01/Oracle/Middleware/Oracle_IDM1/server/loginmodule/wls,/u01/Oracle/Middleware/oracle_common/modules/oracle.ossoiap_11.1.1,/u01/Oracle/Middleware/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol|oracle.fabric.common.classloaderurl.handler|oracle.fabric.common.uddiurl.handler|oracle.bpm.io.fs.protocol -Dweblogic.jdbc.remoteEnabled=false -DXL.HomeDir=/u01/Oracle/Middleware/Oracle_IDM1/server -Djava.security.auth.login.config=/u01/Oracle/Middleware/Oracle_IDM1/server/config/authwl.conf -Dorg.owasp.esapi.resources=/u01/Oracle/Middleware/Oracle_IDM1/server/apps/oim.ear/APP-INF/classes -da:org.apache.xmlbeans... -Dsoa.archives.dir=/u01/Oracle/Middleware/Oracle_SOA1/soa -Dsoa.oracle.home=/u01/Oracle/Middleware/Oracle_SOA1 -Dsoa.instance.home=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain -Dtangosol.coherence.clusteraddress=227.7.7.9 -Dtangosol.coherence.clusterport=9778 -Dtangosol.coherence.log=jdk -Djavax.xml.soap.MessageFactory=oracle.j2ee.ws.saaj.soap.MessageFactoryImpl -Dweblogic.transaction.blocking.commit=true -Dweblogic.transaction.blocking.rollback=true -Djavax.net.ssl.trustStore=/u01/Oracle/Middleware/wlserver_10.3/server/lib/DemoTrust.jks -Dums.oracle.home=/u01/Oracle/Middleware/Oracle_SOA1 -Dem.oracle.home=/u01/Oracle/Middleware/oracle_common -Djava.awt.headless=true -Didm.oracle.home=/u01/Oracle/Middleware/Oracle_OID -Xms512m -Xmx1024m -Xss512K -Djava.net.preferIPv6Addresses=true -DuseIPv6Address=true -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.management.discover=false -Djava.net.preferIPv6Addresses=true -Dweblogic.management.discover=false -Dweblogic.management.server=http://AL2APD01:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/u01/Oracle/Middleware/patch_wls1035/profiles/default/sysext_manifest_classpath:/u01/Oracle/Middleware/patch_ocp360/profiles/default/sysext_manifest_classpath weblogic.Server
[WARN ][jrockit] PermSize=256m ignored: Not a valid option for JRockit
[WARN ][jrockit] MaxPermSize=512m ignored: Not a valid option for JRockit
[WARN ] Use of -Djrockit.optfile is deprecated and discouraged.
<Jun 1, 2012 7:19:19 PM PHT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Jun 1, 2012 7:19:20 PM PHT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Jun 1, 2012 7:19:20 PM PHT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Oracle JRockit(R) Version R28.2.3-13-149708-1.6.0_31-20120327-1523-linux-x86_64 from Oracle Corporation>
<Jun 1, 2012 7:19:22 PM PHT> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
<Jun 1, 2012 7:19:30 PM PHT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
<Jun 1, 2012 7:19:33 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jun 1, 2012 7:19:33 PM PHT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Jun 1, 2012 7:19:34 PM PHT> <Notice> <Log Management> <BEA-170019> <The server log file /u01/Oracle/Middleware/user_projects/domains/IDM_Domain/servers/oim_server1/logs/oim_server1.log is opened. All server side log events will be written to this file.>
Jun 1, 2012 7:23:28 PM oracle.iam.platform.auth.providers.wls.OIMAuthenticationProvider initialize
INFO: Authentication module initialized
<Jun 1, 2012 7:23:29 PM PHT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Jun 1, 2012 7:23:38 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Jun 1, 2012 7:23:38 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jun 1, 2012 7:23:58 PM PHT> <Warning> <oracle.jps.upgrade> <JPS-06003> <Cannot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.security.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The credential with map ADF and key anonymous#oimBpelCredKey already exists..>
<Jun 1, 2012 7:24:00 PM PHT> <Warning> <oracle.adf.share.ADFContext> <BEA-000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic initialization is performed improperly.
This message may be avoided by performing initADFContext before using getCurrent().
To see the stack trace for thread that is initializing this, set the logging level of oracle.adf.share.ADFContext to FINEST>
<Jun 1, 2012 7:24:03 PM PHT> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAppInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAppInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
<Jun 1, 2012 7:24:04 PM PHT> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element application in the deployment descriptor in /u01/Oracle/Middleware/Oracle_IDM1/server/apps/spml-xsd.ear/META-INF/application.xml. A version attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of the Weblogic Server will reject descriptors that do not specify the JEE version.>
<Jun 1, 2012 7:24:04 PM PHT> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element application in the deployment descriptor in /u01/Oracle/Middleware/user_projects/domains/IDM_Domain/servers/oim_server1/tmp/_WL_user/spml-xsd/s8d2b9/META-INF/application.xml. A version attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of the Weblogic Server will reject descriptors that do not specify the JEE version.>
Loading xalan.jar for XPathAPI.
19:24:11 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] -
NEXAWEB SERVER LICENSE -
- Customer ID : 122
- License type : Enterprise
- Max unique IPs : unlimited
- Max XUL sessions : unlimited
- Max CPUs/server : unlimited
- Clustering allowed : true
- Expiration date : none
Nexaweb Technologies Inc.(C)2000-2004. All Rights Reserved.
Nexaweb Technologies Inc.
10 Canal Park
Cambridge, MA 02141
Tel: 617.577.8100. Email: [email protected]
19:24:12 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Clustering is OFF.
19:24:12 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Servlet Engine: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Oracle WebLogic Server Module Dependencies 10.3 Thu Mar 3 14:37:52 PST 2011 Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies 10.3 Thu Feb 3 16:30:47 EST 2011
19:24:12 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Servlet API Version: 2.5
19:24:12 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Nexaweb Server Info = Nexaweb Server 3.3.1072
19:24:12 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Nexaweb Server initialized successfully.
<Jun 1, 2012 7:24:16 PM PHT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<Jun 1, 2012 7:24:16 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Jun 1, 2012 7:24:16 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Jun 1, 2012 7:24:17 PM PHT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.226.155.53:14000 for protocols iiop, t3, ldap, snmp, http.>
<Jun 1, 2012 7:24:17 PM PHT> <Notice> <WebLogicServer> <BEA-000330> <Started WebLogic Managed Server "oim_server1" for domain "IDM_Domain" running in Production Mode>
<Jun 1, 2012 7:24:22 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Jun 1, 2012 7:24:22 PM PHT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
/u01/java/bin/java -jrockit -Xms768m -Xmx1536m -Dweblogic.Name=oim_server1 -Djava.security.policy=/u01/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.security.SSL.trustedCAKeyStore=/u01/Oracle/Middleware/wlserver_10.3/server/lib/cacerts -da -Dplatform.home=/u01/Oracle/Middleware/wlserver_10.3 -Dwls.home=/u01/Oracle/Middleware/wlserver_10.3/server -Dweblogic.home=/u01/Oracle/Middleware/wlserver_10.3/server -XX:PermSize=256m -XX:MaxPermSize=512m -Dcommon.components.home=/u01/Oracle/Middleware/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain -Djrockit.optfile=/u01/Oracle/Middleware/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/config/fmwconfig/servers/oim_server1 -Doracle.domain.config.dir=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/config/fmwconfig -Digf.arisidbeans.carmlloc=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/config/fmwconfig/carml -Digf.arisidstack.home=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain/servers/oim_server1/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/u01/Oracle/Middleware/Oracle_IDM1/server/loginmodule/wls,/u01/Oracle/Middleware/oracle_common/modules/oracle.ossoiap_11.1.1,/u01/Oracle/Middleware/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol|oracle.fabric.common.classloaderurl.handler|oracle.fabric.common.uddiurl.handler|oracle.bpm.io.fs.protocol -Dweblogic.jdbc.remoteEnabled=false -DXL.HomeDir=/u01/Oracle/Middleware/Oracle_IDM1/server -Djava.security.auth.login.config=/u01/Oracle/Middleware/Oracle_IDM1/server/config/authwl.conf -Dorg.owasp.esapi.resources=/u01/Oracle/Middleware/Oracle_IDM1/server/apps/oim.ear/APP-INF/classes -da:org.apache.xmlbeans... -Dsoa.archives.dir=/u01/Oracle/Middleware/Oracle_SOA1/soa -Dsoa.oracle.home=/u01/Oracle/Middleware/Oracle_SOA1 -Dsoa.instance.home=/u01/Oracle/Middleware/user_projects/domains/IDM_Domain -Dtangosol.coherence.clusteraddress=227.7.7.9 -Dtangosol.coherence.clusterport=9778 -Dtangosol.coherence.log=jdk -Djavax.xml.soap.MessageFactory=oracle.j2ee.ws.saaj.soap.MessageFactoryImpl -Dweblogic.transaction.blocking.commit=true -Dweblogic.transaction.blocking.rollback=true -Djavax.net.ssl.trustStore=/u01/Oracle/Middleware/wlserver_10.3/server/lib/DemoTrust.jks -Dums.oracle.home=/u01/Oracle/Middleware/Oracle_SOA1 -Dem.oracle.home=/u01/Oracle/Middleware/oracle_common -Djava.awt.headless=true -Didm.oracle.home=/u01/Oracle/Middleware/Oracle_OID -Xms512m -Xmx1024m -Xss512K -Djava.net.preferIPv6Addresses=true -DuseIPv6Address=true -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.management.discover=false -Djava.net.preferIPv6Addresses=true -Dweblogic.management.discover=false -Dweblogic.management.server=http://AL2APD01:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/u01/Oracle/Middleware/patch_wls1035/profiles/default/sysext_manifest_classpath:/u01/Oracle/Middleware/patch_ocp360/profiles/default/sysext_manifest_classpath weblogic.Server
[WARN ][jrockit] PermSize=256m ignored: Not a valid option for JRockit
[WARN ][jrockit] MaxPermSize=512m ignored: Not a valid option for JRockit
[WARN ] Use of -Djrockit.optfile is deprecated and discouraged.
<Jun 1, 2012 7:19:19 PM PHT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Jun 1, 2012 7:19:20 PM PHT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Jun 1, 2012 7:19:20 PM PHT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Oracle JRockit(R) Version R28.2.3-13-149708-1.6.0_31-20120327-1523-linux-x86_64 from Oracle Corporation>
<Jun 1, 2012 7:19:22 PM PHT> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
<Jun 1, 2012 7:19:30 PM PHT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
<Jun 1, 2012 7:19:33 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jun 1, 2012 7:19:33 PM PHT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Jun 1, 2012 7:19:34 PM PHT> <Notice> <Log Management> <BEA-170019> <The server log file /u01/Oracle/Middleware/user_projects/domains/IDM_Domain/servers/oim_server1/logs/oim_server1.log is opened. All server side log events will be written to this file.>
Jun 1, 2012 7:23:28 PM oracle.iam.platform.auth.providers.wls.OIMAuthenticationProvider initialize
INFO: Authentication module initialized
<Jun 1, 2012 7:23:29 PM PHT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Jun 1, 2012 7:23:38 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Jun 1, 2012 7:23:38 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jun 1, 2012 7:23:58 PM PHT> <Warning> <oracle.jps.upgrade> <JPS-06003> <Cannot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.security.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The credential with map ADF and key anonymous#oimBpelCredKey already exists..>
<Jun 1, 2012 7:24:00 PM PHT> <Warning> <oracle.adf.share.ADFContext> <BEA-000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic initialization is performed improperly.
This message may be avoided by performing initADFContext before using getCurrent().
To see the stack trace for thread that is initializing this, set the logging level of oracle.adf.share.ADFContext to FINEST>
<Jun 1, 2012 7:24:03 PM PHT> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAppInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAppInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
<Jun 1, 2012 7:24:04 PM PHT> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element application in the deployment descriptor in /u01/Oracle/Middleware/Oracle_IDM1/server/apps/spml-xsd.ear/META-INF/application.xml. A version attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of the Weblogic Server will reject descriptors that do not specify the JEE version.>
<Jun 1, 2012 7:24:04 PM PHT> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element application in the deployment descriptor in /u01/Oracle/Middleware/user_projects/domains/IDM_Domain/servers/oim_server1/tmp/_WL_user/spml-xsd/s8d2b9/META-INF/application.xml. A version attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of the Weblogic Server will reject descriptors that do not specify the JEE version.>
Loading xalan.jar for XPathAPI.
19:24:11 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] -
NEXAWEB SERVER LICENSE -
- Customer ID : 122
- License type : Enterprise
- Max unique IPs : unlimited
- Max XUL sessions : unlimited
- Max CPUs/server : unlimited
- Clustering allowed : true
- Expiration date : none
Nexaweb Technologies Inc.(C)2000-2004. All Rights Reserved.
Nexaweb Technologies Inc.
10 Canal Park
Cambridge, MA 02141
Tel: 617.577.8100. Email: [email protected]
19:24:12 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Clustering is OFF.
19:24:12 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Servlet Engine: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Oracle WebLogic Server Module Dependencies 10.3 Thu Mar 3 14:37:52 PST 2011 Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies 10.3 Thu Feb 3 16:30:47 EST 2011
19:24:12 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Servlet API Version: 2.5
19:24:12 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Nexaweb Server Info = Nexaweb Server 3.3.1072
19:24:12 INFO [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Nexaweb Server initialized successfully.
<Jun 1, 2012 7:24:16 PM PHT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<Jun 1, 2012 7:24:16 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Jun 1, 2012 7:24:16 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Jun 1, 2012 7:24:17 PM PHT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.226.155.53:14000 for protocols iiop, t3, ldap, snmp, http.>
<Jun 1, 2012 7:24:17 PM PHT> <Notice> <WebLogicServer> <BEA-000330> <Started WebLogic Managed Server "oim_server1" for domain "IDM_Domain" running in Production Mode>
<Jun 1, 2012 7:24:22 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Jun 1, 2012 7:24:22 PM PHT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>Wrong forum! Please post your question in the WebLogic Server - General or other WebLogic forum that deals with OIM.
Craig... -
IDOC Status, Tracking in SAP PI/PO Single Stack
Hi All,
My PO version: 7.4, SP4. I am not sure my questions below are still a limitation in current PI/PO single stack systems, and hence requesting your help for the same.
1) Is there a way we can track outbound idocs in SAP PI/PO single stack similar to PI abap stack IDX5? ( Note:- I couldn't find any option in IDOC monitoring in single stack SAP PO 7.4, SP4)
2) IDOC status is always 0 in SAP PO 7.4 single stack IDOC monitoring. I am not sure if this status is just specific to my PO system. Any setting needs to be applied?
ps: Please post only relevant answers/solutions
Thanks,
Praveen Gujjeti
Message was edited by: Praveen GujjetiHi All,
As per SAP help: Comparison of IDoc Adapter (IE) and IDoc Adapter (AAE) - SAP NetWeaver PI Reference Documentation - SAP Library idoc status and tracking not supported in current PO versions. May be SAP will add this feature in upcoming PO versions
Auditing, Monitoring ,and Tracing Functions
Attribute/Feature
IDoc Adapter (IE)
IDoc Adapter (AAE)
ALE Audit
Supported
Supported
IDoc tracing
Supported (transaction IDX5)
Not supported
IDoc monitoring
Transaction IDX5
Integration with channel monitor and message monitor (as part of Advanced Adapter Engine monitor)
Status tracking -SYSTAT
(analysis and further processing of messages that have not been processed)
Not supported
Not supported
RFC monitoring
Supported
Not supported
Message persistence in the IDoc adapter
Supported
Message correlation information can be stored in IDoc adapter.
Not supported.
Message is persisted in messaging system with correlation data persisted in adapter.
Regards,
Praveen Gujjeti -
SLES10 SP4/OES2 SP3 32 bit Clean Install - Basic Questions
Hi everyone.
I am now an expert in installing the above software and ending up with a server which does not work as we require. Must be something I am doing wrong. Hope someone can spot it.
Have installed and supported Netware servers for 25 years without major problems. Decided now to move to SLES because Novell say we should and we need Groupwise 12 to replace GroupWise 8.
The operational environment we are targeting is an 80 user edirectory/NDS based single tree, single context containing two Netware 6.5 SP8 HP Proliant servers running uncomplicated file and print services , NSS volumes, Groupwise 8, DHCP, ifolder, Quickfinder and the like, spread across the two servers. It all works a treat. Client PCs are are all XP Pro with Novell client software.
The idea would be to replace one of the two Netware servers first with a SLES/OES server and then the second Netware server with a second SLES/OES server and move GroupWise functionality to one of the SLES/OES servers. Ideally users would continue to log on using their eDirectory accounts without noticing anything was going on in the background.
The test environment we have set up is a 5 user NDS/eDirectory single tree, single context already containing a single Netware 6.5 SP8 Proliant server running file and print, NSS volumes etc and Groupwise 8. Into this tree we are trying to install a 32 bit server with a empty 36 GB SCSI disc running SLES 10 SP4 with OES2 DP3 as an add in, with NSS data volumes.
Because it only takes a few hours to do we have repeatedly run the SLES 10/OES2 install (probably about 9 times!) with minor variations to see whether we can end up with a properly configured SLES/OES server but there is always one problem or another.
The major problem we have is how to configure NSS data volumes on the SLES server and how to allow users to be validated against their eDirectory entries and knowing whether the test server is 'good to go'.
The process we followed for each test install, after checking edirectory was clean and removing any entries placed in the tree by earlier attempts to install the SLES server in the same tree were:
1. Boot the SLES 10 SP4 32 DVD (downloaded ISO and burnt DVD) and selected Installation.
2. Followed the prompts on time zone and language etc and selected i386 OES CD (also downloaded ISO and burnt) as the Software Add-In.
3. Loaded SLES DVD and OES CD as and when requested
4. At the Partitioning stage we selected the EVMS proposal, and at the Software selection stage selected the base software, file server Role, Documentation, DHCP, eDirectory, iFolder, iPrint, Quickfinder, NSS and LDAP.
5. Miscellaneous errors would appear or not appear during the eDirectory stage (eg LUM error, or iFolder error) but the eDirectory stage would still seem to complete OK and get ticked.
6. The system would then reboot and appear to come up OK.
HOWEVER, we are not convinced we have created a fully working reliable server.
and
SPECIFICALLY we are unable to create NSS volumes and we cannot logon users via their eDirectory accounts.
NSSMU shows a single device sda (33.92 Gb) and three partitions sda1 (70Mb), sda2 (31.91GB), and sda3 (1.94GB). sda2 seems to contain all the 'spare' space on the disk (type Linux LVM) but says there is no spare space to create our NSS partitions.
iManager cannot see any devices to configure NSS data volumes on the SLES server but it connects OK
NSSCON status seems to show NSS to be running
EVMSGUI shows /dev/evms/lvm2/system/ro at 10 Gb, /dev/evms/lvm2/system/sw at 2GB and /dev/evms/sda1 at 70 Mb
So my questions are:
Does the above look right?
Why cannot we get at the spare disk space to set up NSS volumes? Did the EVMS proposal grab it all and if so how do we get it back?
Did not selecting the EVMS partitioning proposal do everything needed to run NSS?
[There seems to be some suggestion in the several hundred pages of SLES, OES and NSS Guides, Installation manuals, Configuration manuals etc that we have studied over several days, that we now have to edit a fstab file to make it work properly (Really? in this day and age where clicking on Setup.Exe will configure a fully working Windows server) Is that so? Is there anything else we need to do?]
How do we get the users to access their NDS accounts to log into SLES and Netware?
How do we know the server is OK for operaational use and 'works' ?
HELP!!!
ADBalandbond wrote:
> I
> have already trawled the self help Forums believing that before SLES
> 11 came along everyone must have been setting up NSS volumes on SLES
> 10/OES2 as a matter of course as they moved from Netware and so me
> trying to do it now should not be akin to rocket science.
You are partially correct. Admins who used NSS on NetWare likely did
install NSS on OES Linux but I suspect they used a separate drive for
NSS either by installing an additional drive, by carving out a chunk of
space on their RAID array and assigning it to a separate LUN, or by
running OES in a VM where storage space on a single disk/array can
appear as separate drives.
> If Novell say in that guide as they do
> (just as do you and ab and Simon in responses to my post) that the
> IDEAL way to include NSS is to have a separate disk for Suse and NSS
> volumes, BUT as long as you use EVMS to manage the volumes it IS
> SUPPORTED, then I consider it should be possible without grief to do
> this and not considered as me putting round pegs in square holes.
Semantics!
IDEAL = Recommended; EVMS != IDEAL; EVMS != Recommended;
IMO, Novell recognised that they had to provide a way for customers to
install NSS on a system that only had a single disk and provided this
procedure as a workaround. By the way, they also support 2-node
clusters but they aren't recommended either. I have also seen cases
where a supported configuration was deemed no longer to be supported as
NTS became aware of additional complications.
My point (and Simon's and ab/Aaron's) is this: Just because it is
supported doesn't mean you should do it. If we can agree on this point,
I'll try to help you to get it working. The last thing I want to do is
give others the impression that by helping you find a solution we think
this is a good idea!!!
> This latest release of software even goes as far as including an EVMS
> Partitioning proposal which can be selected (as I did) within the
> clean install process.
>
> This is what it says:
Okay! I'm only looking at the information you provided. Let's analyse
it!
>
> A.2.1 Understanding the EVMSBased Partitioning Scheme
> Using EVMS to manage the system device allows you to later add NSS
> pools and volumes
Yes, NSS requires the volume manager to be EVMS and not LVM!
> on any *unpartitioned* free space on it.
But you have not left *any* unpartitioned free space!
> You must modify the partitioning scheme to use EVMS during the
> install. It is not possible to change the volume manager for the
> system device after the install.
True.
> Beginning in OES 2 SP3, the Partitioner in the YaST Install offers the
> Create EVMS Based Proposal option to automatically create an EVMS
> solution for the system device.
> For unpartitioned devices over 20 GB in size,
This is what you have...
> this option creates a boot partition
> and a container for the swap and / (root) volumes
> in up to the first 20 GB,
> and leaves the remainder of the space on the device
> as unpartitioned free space.
But it didn't (or you didn't)!
> Table A-1 shows the default proposed setup
> for a machine with 768 MB RAM.
> The default swap size is 1 GB or larger,
> depending on the size of the RAM on your machine.
> The remainder of the device is left as unpartitioned free space.
Let's look at the default proposal. This is *not* what you have.
> Table A-1 Default EVMS Proposal for Devices over 20 GB in Size
>
> Device Size Type Mount Point
> /dev/sda1 70.5 MB Ext2 /boot
> /dev/sda2 14.9 GB Linux LVM
> /dev/evms/lvm2/system 14.9 GB EVMS lvm2/system
> /dev/evms/lvm2/system/root 10.0 GB EVMS /
> /dev/evms/lvm2/system/swap 1.1 GB EVMS swap
A single (SATA/SAS/SCSI) drive will be known as sda (/dev/sda).
/dev/sda1 is the first partition. In the example and in your
configuration this is the /boot partition. In both cases it is 70.5 MB.
/dev/sda2 is the second partition. The partition uses LVM so logical
volumes of various sizes can be created within the partition. The total
size of all logical volumes cannot be larger than the size of the
partition.
In the above example:
/root is 10.0 GB and swap is 1.1 GB. This leaves: 14.9 - (10.0 + 1.1) =
3.8 GB of additional space within /sda2 which can be used to create
additional logical volumes. Furthermore sda1 + sda2 use only ~ 15 GB.
Only 15 GB of the disk has been allocated. The remainder of the disk is
*unallocated* and *unpartitioned*. Presumably, it was left that way so
that the space could be used for NSS.
In your case: sda2 is 31.91 GB
This does not follow the Default EVMS Proposal for Devices over 20 GB
in Size. Either YaST did not allocate space according to the default
proposal or you changed it. Either way, sda2 (+sda3) consume *all* of
the available disk space. It is no wonder that there is no space
available for NSS!
> What do you reckon???
I reckon that something went wrong along the way. If you did not
specifically change the default allocation yourself, then consider this
one example of kinds the things that can happen when one tries to
exploit seldom used, but supported, features!
It looks like it is time for yet another installation. This time, make
sure you leave enough unpartitioned space on the drive for NSS and let
me know how you make out.
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below... -
WLS 8.1 Apache Plug-in is changing HTTP status code 999 to 500
I'm seeing the weblogic server 8.1 sp4 apache plug-in change the HTTP status code of 999 (set by the application) to 500 Internal Server Error. I'm seeing this with Apache 2.0.48 on aix and with Apache 2.0.58 on windows. I've tried the plug-in from 8.1 SP2, SP4 and SP6 with all yielding the same result. I've tried the SSL plug-in too - same result. I'm told by the maker of this application that they are not seeing this issue with the plug-in for SunOne/NES. What does BEA say about the Apache plug-in changing the http status code? Why is it doing this? Why doesn't the SunOne/NES plug-in do it? Can you provide a plug-in that does not do this?
Try setting
Debug ALL
inside your IfModule. All proxy activity will be written to /tmp/wlproxy.log (on
unixes). If no info appears in the log, Apache is not invoking the plug-in properly.
HTH
"Lukas" <[email protected]> wrote:
>
I am trying to set up Apache 2.0.49 proxy plug-in for my WLS 8.1 cluster
(2 managed
servers). I followed instructions at http://edocs.bea.com/wls/docs81/plugins/apache.html.
My test web application runs on
192.168.10.142:5001/public/testwebapp
and
192.168.10.142:6001/public/testwebapp
I have tested my cluster using another instance on WLS and HttpClusterServlet
and it works fine.
I have added following section to my httpd.conf
LoadModule weblogic_module modules/mod_wl_20.so
<IfModule mod_weblogic.c>
WebLogicCluster 192.168.10.142:6001,192.168.10.142:5001
</IfModule>
<Location /public/testwebapp>
SetHandler weblogic-handler
PathTrim /public/testwebapp
ErrorPage http://myerrorpage1.mydomain.com
</Location>
I restarted my wls cluster and apache as well and when I specify http://192.168.10.142/public/testwebapp
(apache web server) I receive Error 404--Not Found (even thou I have
tested my
http://192.168.10.142:5001/public/testwebapp and http://192.168.10.142:6001/public/testwebapp
- they work correctly).
There is nothing in apache’s error_log file.
There is a record in access_log file reading:
192.168.10.126 - - [08/Jun/2004:16:23:32 -0700] "GET /public/testwebapp
HTTP/1.1"
404 1214
which gives me an impression that “proxy” – forwarding does not work.
Where should I look for some errors?
Thanks,
Lukas -
EJB2.0 issue on weblogic server 8.1 sp4
We are doing some ejb2.0 development on weblogic 8.1 sp4, and We have noticed some unusual and undesirable behavior with CMR.
The following session bean code is used to define a Many-Many relationship between different entity beans in the same EJB using CMR.
The method does the following:
1. Gets the existing Collection of parents EJBs for the child EJB.
2. Checks that the new parent EJB is not in the existing parents Collection
3. Adds the new parent to the Collection and finally sets the parents Collections for the child EJB.
public static void addChild(EntityHandle a_parent, EntityHandle a_child)
throws TrackingException
TrackedEntityLocal parent = null;
TrackedEntityLocal child = null;
parent = getEntity(a_parent);
child = getEntity(a_child);
Collection parents = child.getParents();
if (!containsEJB(parents, parent)) // return true if parent already exists in collection parents.
parents.add(parent);
child.setParents(parents);
In the problem scenario we are creating the child and its parent entities in the same transaction.
We then define the raltionships by adding parents to the same child EJB on the client side within the same transaction (that created the EJBs) like this:
addChild( parentOne, child);
addChild( parentTwo, child);
addChild( parentThree, child);
I expect 3 records in the CMR EJB table entity_relationship but I end up with 6 records in table entity_relationship like this.
parentOne,child
parentOne,child
parentTwo,child
parentOne,child
parentTwo,child
parentThree,child
What seems to be happening is that these EJB relationships are being duplicated in the EJB cache which means that when the container persists the relationships it breaks a unique constraint that is defined in Oracle.
It seems that each time I call child.getParents() I get a copy of the bean's current parent relationships in the cache (which I then add one new parent to).
Even though I set the parent Collection back into the bean (which i would expect to replace the existing Collection) at persist time the container seems to attempt to persist 3 distinct Collections.
We only seem to get this problem if the parent entity itself has not yet been persisted.
If the parent EJBs have already been created in table entity beforehand, we only get 3 relationships in table entity_relationship.
parentOne,child
parentTwo,child
parentThree,child
Anybody has any idea what's going on here? thanks a million.
EJB schema below:
both parent and child are from one table:entity.
CREATE TABLE entity
( id INTEGER NOT NULL PRIMARY KEY,
type_id INTEGER NOT NULL
CONSTRAINT entity_FK
REFERENCES entity_type(id),
orig_comp_id INTEGER NOT NULL
CONSTRAINT entity_FK2
REFERENCES component(id)
entity_relationship defines the relation between parent and child
CREATE TABLE entity_relationship
( end1_id INTEGER NOT NULL
CONSTRAINT entity_relationship_FK
REFERENCES entity(id),
end2_id INTEGER NOT NULL
CONSTRAINT entity_relationship_FK2
REFERENCES entity(id),
type_id INTEGER DEFAULT(1)
NOT NULL
CONSTRAINT entity_relationship_FK3
REFERENCES entity_rel_type(id),
CONSTRAINT entity_relationship_PK PRIMARY KEY(end1_id,end2_id,type_id)
EJB descriptors given below:
============================================ejb-jar.xml===============================================
<entity>
<ejb-name>TrackedEntityEJB</ejb-name>
<local-home>uk.police.pnn.psni.eai.bcomp.tracking.entity.TrackedEntityHomeLocal</local-home>
<local>uk.police.pnn.psni.eai.bcomp.tracking.entity.TrackedEntityLocal</local>
<ejb-class>uk.police.pnn.psni.eai.bcomp.tracking.entity.TrackedEntityBean</ejb-class>
<persistence-type>Container</persistence-type>
<prim-key-class>java.lang.Integer</prim-key-class>
<reentrant>False</reentrant>
<cmp-version>2.x</cmp-version>
<abstract-schema-name>entity</abstract-schema-name>
<cmp-field>
<field-name>id</field-name>
</cmp-field>
<primkey-field>id</primkey-field>
<security-identity>
<use-caller-identity/>
</security-identity>
</entity>
<ejb-relation>
<ejb-relation-name>entity-entity</ejb-relation-name>
<ejb-relationship-role>
<ejb-relationship-role-name>Entity-has-Parents</ejb-relationship-role-name>
<multiplicity>Many</multiplicity>
<relationship-role-source>
<ejb-name>TrackedEntityEJB</ejb-name>
</relationship-role-source>
<cmr-field>
<cmr-field-name>parents</cmr-field-name>
<cmr-field-type>java.util.Collection</cmr-field-type>
</cmr-field>
</ejb-relationship-role>
<ejb-relationship-role>
<ejb-relationship-role-name>Entity-has-Children</ejb-relationship-role-name>
<multiplicity>Many</multiplicity>
<relationship-role-source>
<ejb-name>TrackedEntityEJB</ejb-name>
</relationship-role-source>
<cmr-field>
<cmr-field-name>children</cmr-field-name>
<cmr-field-type>java.util.Collection</cmr-field-type>
</cmr-field>
</ejb-relationship-role>
</ejb-relation>
<container-transaction>
<method>
<ejb-name>TrackedEntityEJB</ejb-name>
<method-name>*</method-name>
</method>
<trans-attribute>Supports</trans-attribute>
</container-transaction>
==========================weblogic-ejb-jar.xml===================================================
<weblogic-enterprise-bean>
<ejb-name>TrackedEntityEJB</ejb-name>
<entity-descriptor>
<persistence>
<persistence-use>
<type-identifier>WebLogic_CMP_RDBMS</type-identifier>
<type-version>6.0</type-version>
<type-storage>META-INF/weblogic-cmp-rdbms-jar.xml</type-storage>
</persistence-use>
</persistence>
</entity-descriptor>
<enable-call-by-reference>true</enable-call-by-reference>
<local-jndi-name>bcomp.tracking.entity.TrackedEntityHomeLocal</local-jndi-name>
</weblogic-enterprise-bean>
=============================weblogic-cmp-rdbms-jar.xml==========================================
<weblogic-rdbms-relation>
<relation-name>entity-entity</relation-name>
<table-name>entity_relationship</table-name>
<weblogic-relationship-role>
<relationship-role-name>Entity-has-Parents</relationship-role-name>
<relationship-role-map>
<column-map>
<foreign-key-column>end2_id</foreign-key-column>
<key-column>id</key-column>
</column-map>
</relationship-role-map>
</weblogic-relationship-role>
<weblogic-relationship-role>
<relationship-role-name>Entity-has-Children</relationship-role-name>
<relationship-role-map>
<column-map>
<foreign-key-column>end1_id</foreign-key-column>
<key-column>id</key-column>
</column-map>
</relationship-role-map>
</weblogic-relationship-role>
</weblogic-rdbms-relation>
Edited by: user10185877 on 26-Aug-2008 02:06I am also wondering what the status of this problem is? It is preventing us from going to SP4.
_Mike -
(HELP) ORA-27101: shared memory realm does not exist
Contributors,
I am a newbie in Oracle and have oracle database installed and working as expected until few days ago. One day i was getting these ugly messages when connecting via SQLplus
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Process ID: 0
Session ID: 0 Serial number: 0I did some searches on this topic but haven't found solutions.
* Some suggested to check[b] environment variables ORACLE_HOME and ORACLE_SID : my ORACLE_HOME is fine, and i DO NOT have ORACLE_SID on the day i realize the problem.
I am not sure if ORACLE_SID variable is usually exist when my database was up and running. So i set ORACLE_SID yet did not help.
* Some said check if the required services are running :
- OracleOraDb11g_home1TNSListener : RUNNING
- OracleServiceORCL : RUNNING
* Other said that they have the same problem, but everything back to normal after several hours without anything configured / changed (miraculous)
* I tried to restart or shut down, but no luck
* In the same thread few days ago, Vlado helped me with suggestion to acces ADRCI and type SHOW PROBLEM also SHOW INCIDENT
but the reply is DIA-48494: ADR home is not set, the corresponding operation cannot be done* Other implied to check the .ora files in NETWORK\ADMIN. I will post it (TNSNAMES.ORA, LISTENER.ORA, SQLNET.ORA) after this.
My platform and some info :
* OS : MS Windows Vista Ultimate
* Oracle Database 11g Release 1 (11.1.0.6.0) Enterprise/ Standard Edition for Microsoft Windows 32-bit
Mostly i used SQLplus and SQLdeveloper, for developing procedures/ functions/ packages in Oracle Spatial.
Also, am running it in one laptop (server and client altogether).
There is only one database in the Laptop (no other oracle database).
How to fix this ? Please kindly help me.
Many thanks in advance,
DamonHere are the ORA files :
( Btw the service name / SID is "orcl")
=====================================
TNSNAMES.ORA
# tnsnames.ora Network Configuration File: C:\ORACLE\product\11.1.0\db_1\network\admin\tnsnames.ora
# Generated by Oracle configuration tools.
ORCL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = geoltmatt)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl)
)=====================================
LISTENER.ORA
# listener.ora Network Configuration File: C:\ORACLE\product\11.1.0\db_1\network\admin\listener.ora
# Generated by Oracle configuration tools.
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = geoltmatt)(PORT = 1521))
)=====================================
SQLNET.ORA
# sqlnet.ora Network Configuration File: C:\ORACLE\product\11.1.0\db_1\network\admin\sqlnet.ora
# Generated by Oracle configuration tools.
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)=====================================
also other said that we need to issue commands like
LSNRCTL STATUS
TNSPING [host]
Here they are :
LSNRCTL STATUS
LSNRCTL for 32-bit Windows: Version 11.1.0.6.0 - Production on 22-MAY-2008 18:12
:46
Copyright (c) 1991, 2007, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for 32-bit Windows: Version 11.1.0.6.0 - Produ
ction
Start Date 22-MAY-2008 12:03:17
Uptime 0 days 6 hr. 9 min. 29 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File C:\ORACLE\product\11.1.0\db_1\network\admin\listener.o
ra
Listener Log File c:\oracle\product\11.1.0\db_1\log\diag\tnslsnr\geoltma
tt\listener\alert\log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1521ipc)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=geoltmatt)(PORT=1521)))
The listener supports no services
The command completed successfully
TNSPING [host]
TNS Ping Utility for 32-bit Windows: Version 11.1.0.6.0 - Production on 22-MAY-2
008 18:14:15
Copyright (c) 1997, 2007, Oracle. All rights reserved.
Used parameter files:
C:\ORACLE\product\11.1.0\db_1\network\admin\sqlnet.ora
Used EZCONNECT adapter to resolve the alias
Attempting to contact (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=))(ADDRESS=(PROTO
COL=TCP)(HOST=128.250.171.197)(PORT=1521)))
OK (0 msec)Please kindly help me... (also thanks for vlado)
TIA.
=Damon -
Autodiscover and Outlook Anywhere return http status 401
Hi, I'm having issues with Autodiscovery (externally) and Outlook Anywhere for some users on our Exchange 2010 (SP3, RU2) setup. Just for information, we have Exchange servers at two AD sites (same forest / domain) with each site having 2 combined client
access / hub transport servers and 3 mailbox servers (with 2 stretched DAG's across both sites). Site A is internet facing, but site B isn't.
Autodiscovery
Internally, it's working fine (using the Test E-mail AutoConfiguration option within Outlook 2010). But externally (using the Microsoft TestConnectivity site), autodiscovery fails, returning the following:
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
+Additional Details
Elapsed Time: 1783 ms.
+ Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml
for user [email protected].
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
+Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your
full User Principal Name (UPN).
Headers received:
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate,NTLM,Basic realm="autodiscover.company.com"
The odd thing is, if I browse to the autodiscover file location (externally), then I'm prompted for credentials. When I enter the same credentials that I input into the Microsoft connectivity analyser, I do actually get the correct https status 600 response.
Also, within EMS, when I run "Test-OutlookWebServices" on Client Access servers in site B, I see the following results...
RunspaceId : 5c80ec49-f6f8-4f7a-ae63-4ed61a3c966e
Id : 1104
Type : Error
Message : The certificate for the URL https://ExchServer.domain.local/autodiscover/autodiscover.xml is incorrect. For SSL to work, the certificate
needs
to have a subject of ExchServer.domain.local, but the subject that was found is webmail.Company.com. Consider correcting service discovery,
or installing a correct SSL certificate.
RunspaceId : 5c80ec49-f6f8-4f7a-ae63-4ed61a3c966e
Id : 1113
Type : Error
Message : When contacting https://ExchServer.domain.local:443/autodiscover/autodiscover.xml received the error The remote server returned
an error:
(500) Internal Server Error.
RunspaceId : 5c80ec49-f6f8-4f7a-ae63-4ed61a3c966e
Id : 1123
Type : Error
Message : The Autodiscover service couldn't be contacted.
However - I can't see where Exchange has pulled the "...domain.local" address from for Autodiscovery. Both Get-AutodiscoveryVirtualDirectory and Get-ClientAccessServer both report the correct URLs/URIs with the FQDN of Company.Com (which are on
the GoDaddy certificate we use both internally and externally).
Outlook Anywhere
Whether my issues with Outlook Anywhere are related to Autodiscover, I'm not sure. Users who's mailbox is located at Site A (internet facing) are fine, and Outlook Anywhere works great. But users who's mailbox is at Site B, can't use Outlook Anywhere (Starting
Outlook in RPCDiag mode shows that it tries to connect, and sometimes establishes a connection for a couple of seconds, then disconnects completely).
Running "Test-OutlookConnectivity -Protocol:http" on a Client Access server at Site B, passes all but the last scenario (Mailbox::Logon), which throws up the following error:
RunspaceId : 5c80ec49-f6f8-4f7a-ae63-4ed61a3c966e
ServiceEndpoint : ExchServer.domain.local
Id : MailboxLogon
ClientAccessServer : ExchServer.domain.local.ad.local
Scenario : Mailbox::Logon.
ScenarioDescription :
PerformanceCounterName : Mailbox: Logon latency
Result : Failure
Error :
UserName : ad.local\extest_a91a4b4076f24
StartTime : 14/01/2014 16:33:27
Latency : -00:00:00.0010000
EventType : Error
LatencyInMillisecondsString : -1.00
Identity :
IsValid : True
Testing Outlook Anywhere using Microsoft RCA throws up the error:
RPC Proxy can't be pinged.
An HTTP 401 error was received...
Any help is greatly appreciated. Let me know if I've missed any info!
Thanks
TonyHi Guys,
My first chance today to respond!
Firstly - thanks for all the information. I really appreciate it.
Well, the good news is that Outlook Anywhere is now working at Site B. It looks like a combination of disabling Outlook Anywhere at Site B (thanks
Jon), and then being patient and allowing replication to do its stuff (thanks Rhoderck).
However RCA is still showing ‘Failed’ with the following error. If it helps to have the full output, please let me know. Just for info, I chose
the option to test using autodiscovery (rather than manually enter it), which passed fine.
Attempting to ping RPC proxy webmail.company.com.
RPC Proxy can't be pinged.
Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password.
If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN). Headers received: Content-Type: text/html Server: Microsoft-IIS/7.5 WWW-Authenticate: Negotiate,NTLM X-Powered-By: ASP.NET Date: Tue, 21 Jan
2014 09:55:41 GMT Content-Length: 58
Elapsed Time: 1063 ms.
RPCProxy - ValidPorts
Thanks for the 'SoundTrackOfMyLife' link... that looks to be almost identical to my scenario (with the exception of the Kemp LoadMasters). Following
through the troubleshooting, my CAS servers at Site A (Internet Facing) are showing the registry key 'ValidPorts' as...
SiteB-ExchCasSvr01:593;SiteB-ExchCasSvr01:49152-65535
So - should this be...
SiteB-ExchMbxSvr01:6001-6002;SiteB-ExchMbxSvr01:6004;SiteB-ExchMbxSvr01.domain.local:6001-6002;SiteB-ExchMbxSvr01.domain.local:6004;
i.e. I only add ports 6001,6002 and 6004 for mailbox servers only? If so, which sites mailbox servers should I put in here?
SSL Off Loading
We've only really implemented SSL Offloading on the advice from Kemp (it's built in to their Exchange 2010 template). Apparently, the advantage
is the LoadMasters have a dedicated hardware processor for decryption/encryption of SSL traffic, thus taking the load off the Exchange servers. Exactly how much of a load this would normally be for our Exchange servers is unknown. We've followed Kemp's documentation
on unchecking 'Require SSL' for the IIS directories on Site A, and also configured Outlook Anywhere with SSL Offloading through the EMC. This was required as the Kemp's are not re-encrypting traffic to the CAS servers (which are on the same site / LAN
segment), and we're not a bank... so don't need encryption between the LoadMasters and the client access servers.
However, Site B (non internet facing) has 'Require SSL' enabled on IIS directories, since (I guess) traffic is encrypted when performing CAS-CAS
proxying?
I am, as ever, open to suggestions on this design... since our original design was to use TMG for reverse proxy. It was only the end-of-life issue
with TMG, and the fact that we opted for the Kemp LoadMasters (which offered ESP as a replacement to TMG) that swung us down this path.
ESP and SSO are implements on the LoadMaster at Site A (internet facing), which is (was!) not the problem site.
Thanks again for your time and assistance guys. We’re almost there!
Tony -
SQL Server 2005 SP4 not installing correct on Server 2003
Everytime I attempt to install SP4 on my Server 2003 system it states it goes through successfully but when I reboot it hasn't done anything.
Summary Log states all is successful for version 9.00.5000.00 (0 Errors, SQL Support: Passed, Summary: Successful)
after reboot or even before the sqlserver.exe shows its still version 9.00.4262.00 and still shows up in Microsoft updates and doesn't show the install at all in Add/Remove Programs
I'm at a complete loss on what to do.. I've tried the RTM download and the Auto Update method both with same results. Tried shutting down all services in relation as well. I'm lostTime: 01/30/2015 14:24:13.797
KB Number: KB2463332
Machine: *CLEARED*
OS Version: Microsoft Windows Server 2003 family, Standard Edition Service Pack 2 (Build 3790)
Package Language: 1033 (ENU)
Package Platform: x86
Package SP Level: 4
Package Version: 5000
Command-line parameters specified:
Cluster Installation: No
Prerequisites Check & Status
SQLSupport: Passed
Products Detected Language Level Patch Level Platform Edition
Setup Support Files ENU
9.4.5000 x86
SQL Server Native Client ENU 9.00.5000.00 x86
SQLXML4 ENU
9.00.5000.00 x86
Backward Compatibility ENU 8.05.2312
x86
Microsoft SQL Server VSS Writer ENU 9.00.5000.00 x86
Products Disqualified & Reason
Product Reason
Processes Locking Files
Process Name Feature Type User Name
PID
Product Installation Status
Product : Setup Support Files
Product Version (Previous): 5000
Product Version (Final) : 5000
Status : Success
Log File : C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\Redist9_Hotfix_KB2463332_SqlSupport.msi.log
Error Number : 0
Error Description :
Product : SQL Server Native Client
Product Version (Previous): 5000
Product Version (Final) : 5000
Status : Success
Log File : C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\Redist9_Hotfix_KB2463332_sqlncli.msi.log
Error Number : 0
Error Description :
Product : SQLXML4
Product Version (Previous): 5000
Product Version (Final) : 5000
Status : Success
Log File : C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\Redist9_Hotfix_KB2463332_sqlxml4.msi.log
Error Number : 0
Error Description :
Product : Backward Compatibility
Product Version (Previous): 2312
Product Version (Final) : 2312
Status : Success
Log File : C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\Redist9_Hotfix_KB2463332_SQLServer2005_BC.msi.log
Error Number : 0
Error Description :
Product : Microsoft SQL Server VSS Writer
Product Version (Previous): 5000
Product Version (Final) : 5000
Status : Success
Log File : C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\Redist9_Hotfix_KB2463332_SqlWriter.msi.log
Error Number : 0
Error Description :
Summary
Success
Exit Code Returned: 0
Maybe you are looking for
-
As I stated above, I have to constantly restart my computer because I get a message stating firefox is already running.
-
HT1222 MacOSX v10.6.8 mail and security update issues - help?
in the system profiler, my mail app is showing as v4.5 but has the application name Mail 3.6 Not sure if that matters but I read to reinstall updcombo and security update but when installing the security update I get: security update 2012-004 can'
-
Difference in Integration between eSourcing and ECC Vs CLM and ECC
Hi All. I understand SAP provides standard integration package for E-Sourcing and ECC. If i implement only CLM, (with out sourcing i.e Rfx and auctions), Is there a different package for CLM and ECC integration? Is the integration different and how w
-
How to block IP addresses or IP blocks through the 5505 ASDM interface, not through command lines?
Is it possible to block IP addresses or IP blocks through the 5505 ASDM interface, and not through command lines? If so, how?
-
Dreamweaver 8 Mac OSX I'm looking to add a paypal account to a client's website. He wants to be able to have customers download music for a fee. Any recommendations on how I should handle the downloading part of this? or is this something I need to t